[PATCH] doc: add capability to access physical addresses

Dmitry Kozlyuk dmitry.kozliuk at gmail.com
Sun Jan 15 13:46:06 CET 2023

Previous message (by thread): [PATCH] doc: add capability to access physical addresses
Next message (by thread): [PATCH] doc: add capability to access physical addresses
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2023-01-14 18:27 (UTC-0800), Stephen Hemminger:
> DAC_OVERRIDE is like having the master key. It opens all doors
> and if so, running as non-root really doesn't matter that much.
> 
> Ideally, a finer grain permission could be used.
> Recommending this to users seems wrong.

According to my tests, DAC_READ_SEARCH can be used instead of DAC_OVERRIDE.
It seems slightly better, because it doesn't bypass write permission checks.
Although I agree with Isaac that SYS_ADMIN is already very powerful,
and remember that the final goal is to perform unrestricted DMA.
Boris, Isaac, is DAC_READ_SEARCH sufficient on your systems?

Previous message (by thread): [PATCH] doc: add capability to access physical addresses
Next message (by thread): [PATCH] doc: add capability to access physical addresses
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the stable mailing list